We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.

What is a Man in the Browser Attack?

Malcolm Tatum
Updated May 16, 2024
Our promise to you
EasyTechJunkie is dedicated to creating trustworthy, high-quality content that always prioritizes transparency, integrity, and inclusivity above all else. Our ensure that our content creation and review process includes rigorous fact-checking, evidence-based, and continual updates to ensure accuracy and reliability.

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

Editorial Standards

At EasyTechJunkie, we are committed to creating content that you can trust. Our editorial process is designed to ensure that every piece of content we publish is accurate, reliable, and informative.

Our team of experienced writers and editors follows a strict set of guidelines to ensure the highest quality content. We conduct thorough research, fact-check all information, and rely on credible sources to back up our claims. Our content is reviewed by subject-matter experts to ensure accuracy and clarity.

We believe in transparency and maintain editorial independence from our advertisers. Our team does not receive direct compensation from advertisers, allowing us to create unbiased content that prioritizes your interests.

A man in the browser attack is an application that is capable of stealing login credentials, account numbers, and various other types of financial information. The attack combines the use of Trojan horses with a unique phishing approach to insinuate a window that overlays the browser on a given computer. The presence of the Trojan horse is transparent to the user, as it does not interfere with the normal use of the browser to visit web sites and engage in transactions on those sites.

These attacks are designed to capture confidential information that can be used to the advantage of the entity that launched the attack. As part of the function, the man in the browser process begins with the establishment of the Trojan on the hard drive. The Trojan embeds in a file and is often hard to isolate. Once the Trojan is in place, the virus launches a transparent overlay on the browser that is unlikely to be detected.

Unlike more traditional phishing methods that employ links in the body of emails to direct users to fake web sites and prompt them to enter secure data, the man in the browser simply captures data as the user enters it. The user is completely unaware of that the data is being hijacked, since he or she is interacting with a legitimate site. The attack does not interfere with the transaction in any way at this point.

Once the data is captured, the entity that created and distributed the attack receives the collection of security codes, credit card numbers, or bank account login information and can begin to use it for a wide range of purposes. The victim may not be aware of the problem until several credit cards have been used or the balance in the checking account begins to drop unexpectedly.

Part of the frustration with a man in the browser attack is that the bug is very hard to detect and even harder to remove from the system. Unlike many other forms on intrusive viruses, the invader operates between the browser security protocols and the input of the user. This means that standard security measures normally will not even reveal the presence of the virus.

EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Malcolm Tatum
By Malcolm Tatum
Malcolm Tatum, a former teleconferencing industry professional, followed his passion for trivia, research, and writing to become a full-time freelance writer. He has contributed articles to a variety of print and online publications, including EasyTechJunkie, and his work has also been featured in poetry collections, devotional anthologies, and newspapers. When not writing, Malcolm enjoys collecting vinyl records, following minor league baseball, and cycling.
Discussion Comments
By anon29216 — On Mar 29, 2009

"Once in place, the Trojan is in place, the virus launches a transparent overlay on the browser that is highly likely to be detected. "

Surely you don't mean 'unlikely to be detected'?

Malcolm Tatum
Malcolm Tatum
Malcolm Tatum, a former teleconferencing industry professional, followed his passion for trivia, research, and writing...
Learn more
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.